commit adc40a1d2c0d8be8b4e082fecc22722372b7a0cb Author: Mike Perry <mikeperry-git@fscked.org> Date: Tue Dec 6 14:29:49 2011 -0800 Bug 4517: Disable external drag and drop. We basically remove all the url-containing drag and drop mime-types from the drag action. This seems to still allow you to drag stuff within TBB (because it uses its own internal secret types), but prevents dragging to outside apps. --- src/chrome.manifest | 1 + src/components/external-app-blocker.js | 103 +++++++++++++++++++++++++++++++- src/install.rdf | 2 +- 3 files changed, 102 insertions(+), 4 deletions(-) diff --git a/src/chrome.manifest b/src/chrome.manifest index cda8bb9..2172815 100644 --- a/src/chrome.manifest +++ b/src/chrome.manifest @@ -132,6 +132,7 @@ component {3da0269f-fc29-4e9e-a678-c3b1cafcf13f} components/external-app-blocker contract @mozilla.org/mime;1 {3da0269f-fc29-4e9e-a678-c3b1cafcf13f} contract @mozilla.org/uriloader/external-protocol-service;1 {3da0269f-fc29-4e9e-a678-c3b1cafcf13f} contract @mozilla.org/uriloader/external-helper-app-service;1 {3da0269f-fc29-4e9e-a678-c3b1cafcf13f} +contract @mozilla.org/widget/dragservice;1 {3da0269f-fc29-4e9e-a678-c3b1cafcf13f} component {aef08952-b003-4697-b935-a392367e214f} components/tbSessionStore.js contract @torproject.org/torbutton-ss-blocker;1 {aef08952-b003-4697-b935-a392367e214f} diff --git a/src/components/external-app-blocker.js b/src/components/external-app-blocker.js index a83f50c..7b68a21 100644 --- a/src/components/external-app-blocker.js +++ b/src/components/external-app-blocker.js @@ -11,16 +11,21 @@ const kMODULE_CONTRACTID_APP = "@mozilla.org/uriloader/external-helper-app-servi const kMODULE_CONTRACTID_PROTO = "@mozilla.org/uriloader/external-protocol-service;1"; const kMODULE_CONTRACTID_MIME = "@mozilla.org/mime;1"; +const kMODULE_CONTRACTID_DRAG = "@mozilla.org/widget/dragservice;1"; + + const kMODULE_CID = Components.ID("3da0269f-fc29-4e9e-a678-c3b1cafcf13f"); /* Mozilla defined interfaces for FF3.0 */ const kREAL_EXTERNAL_CID = "{A7F800E0-4306-11d4-98D0-001083010E9B}"; - const kExternalInterfaces = ["nsIObserver", "nsIMIMEService", "nsIExternalHelperAppService", "nsISupportsWeakReference", // XXX: Uh-oh... "nsIExternalProtocolService", "nsPIExternalAppLauncher"]; + +const kREAL_DRAG_CID = "{8b5314bb-db01-11d2-96ce-0060b0fb9956}"; +const kDragInterfaces = ["nsIDragService"]; const Cr = Components.results; const Cc = Components.classes; @@ -38,6 +43,7 @@ function ExternalWrapper() { this.logger.log(3, "Component Load 0: New ExternalWrapper."); this._real_external = Components.classesByID[kREAL_EXTERNAL_CID]; + this._real_drag = Components.classesByID[kREAL_DRAG_CID]; this._interfaces = kExternalInterfaces; this._prefs = Components.classes["@mozilla.org/preferences-service;1"] @@ -52,6 +58,15 @@ function ExternalWrapper() { }; this.copyMethods(this._external()); + + this._drag = function() { + var drag = this._real_drag.getService(); + for (var i = 0; i < kDragInterfaces.length; i++) { + drag.QueryInterface(Components.interfaces[kDragInterfaces]); + } + return drag; + }; + this.copyMethods(this._drag()); } ExternalWrapper.prototype = @@ -62,8 +77,13 @@ ExternalWrapper.prototype = return this; } - var external = this._external().QueryInterface(iid); - this.copyMethods(external); + try { + var external = this._external().QueryInterface(iid); + this.copyMethods(external); + } catch(e) { + var drag = this._drag().QueryInterface(iid); + this.copyMethods(drag); + } return this; }, @@ -83,6 +103,10 @@ ExternalWrapper.prototype = interfaceList.push(Components.interfaces[this._interfaces[i]]); } + for (var i = 0; i < kDragInterfaces.length; i++) { + interfaceList.push(Components.interfaces[kDragInterfaces[i]]); + } + count.value = interfaceList.length; return interfaceList; }, @@ -199,6 +223,71 @@ ExternalWrapper.prototype = return this._external().doContent(aMimeContentType, aRequest, aWindowContext, aForceSave); }, + // from nsIDragService + invokeDragSessionWithImage: function(aDOMNode, aTransferableArray, aRegion, aActionType, aImage, aImageX, aImageY, aDragEvent, aDataTransfer) { + aActionType = 0; + + for(var i = 0; i < aTransferableArray.Count(); i++) { + this.logger.log(3, "Inspecting drag+drop transfer: "+i); + var tr = aTransferableArray.GetElementAt(i); + tr.QueryInterface(Ci.nsITransferable); + + var flavors = tr.flavorsTransferableCanExport() + .QueryInterface(Ci.nsISupportsArray); + + for (var f=0; f < flavors.Count(); f++) { + var flavor =flavors.GetElementAt(f); + flavor.QueryInterface(Ci.nsISupportsCString); + + this.logger.log(3, "Got drag+drop flavor: "+flavor); + if (flavor == "text/x-moz-url" || + flavor == "text/x-moz-url-data" || + flavor == "text/uri-list" || + flavor == "application/x-moz-file-promise-url") { + this.logger.log(3, "Removing "+flavor); + try { tr.removeDataFlavor(flavor); } catch(e) {} + continue; + } + + /* + var data = {}, len = {}; + try { + tr.getTransferData(flavor, data, len); + this.logger.log(3, "Got data: "+data.value.QueryInterface(Ci.nsISupportsString).data); + } catch(e) { + } + */ + } + } + + return this._drag().invokeDragSessionWithImage(aDOMNode, aTransferableArray, aRegion, aActionType, aImage, aImageX, aImageY, aDragEvent, aDataTransfer); + }, + /* + fireDragEventAtSource: function( aMsg ) { + this.logger.log(4, "FIRE AT THE SOURCE!!!"); + return this._drag().fireDragEventAtSource(aMsg); + }, + + invokeDragSession: function(aDOMNode, aTransferables, aRegion, aActionType ) { + this.logger.log(4, "InvokeDragSession!"); + return this._drag().invokeDragSession(aDOMNode, aTransferables, aRegion, aActionType ); + }, + invokeDragSessionWithSelection: function(aSelection, aTransferableArray, aActionType, aDragEvent, aDataTransfer) { + this.logger.log(4, "InvokeDragSessionWithSelection!!"); + return this._drag().invokeDragSessionWithSelection(aSelection, aTransferableArray, aActionType, aDragEvent, aDataTransfer); + }, + + endDragSession: function(aDoneDrag) { + this.logger.log(4, "EndDrag"); + return this._drag().endDragSession(aDoneDrag); + }, + + startDragSesssion: function() { + this.logger.log(4, "StartDrag"); + return this._drag().startDragSession(); + } + */ + }; var ExternalWrapperSingleton = null; @@ -250,6 +339,14 @@ function (compMgr, fileSpec, location, type) { fileSpec, location, type); + + compMgr.registerFactoryLocation(kMODULE_CID, + kMODULE_NAME, + kMODULE_CONTRACTID_DRAG, + fileSpec, + location, + type); + }; ExternalWrapperModule.getClassObject = function (compMgr, cid, iid) diff --git a/src/install.rdf b/src/install.rdf index 3a95f96..34e433c 100644 --- a/src/install.rdf +++ b/src/install.rdf @@ -6,7 +6,7 @@ <em:name>Torbutton</em:name> <em:creator>Mike Perry & Kory Kirk</em:creator> <em:id>{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}</em:id> - <em:version>1.4.4.1</em:version> + <em:version>1.4.5pre</em:version> <em:homepageURL>https://www.torproject.org/torbutton/</em:homepageURL> <em:optionsURL>chrome://torbutton/content/preferences.xul</em:optionsURL> <em:iconURL>chrome://torbutton/skin/tor.png</em:iconURL>